og-image-design

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the infsh CLI within Bash to perform image generation tasks and interact with the inference.sh platform.
  • [EXTERNAL_DOWNLOADS]: The documentation references the installation of the inference-sh/skills package via npx, which is the vendor's standard method for distributing agent tools.
  • [REMOTE_CODE_EXECUTION]: The skill utilizes the infsh app run command to execute remote functions on the inference.sh platform for rendering HTML into images and running generative AI models.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface where external data, such as blog titles or descriptions, is intended to be interpolated into HTML strings for rendering.
      • Ingestion points: The html property within the --input JSON parameter of the infsh app run command.
      • Boundary markers: None are present in the provided examples to prevent content from escaping the intended HTML structure.
      • Capability inventory: The skill possesses the ability to execute any command supported by the infsh tool via the Bash environment.
      • Sanitization: The skill does not provide or describe methods for sanitizing or escaping dynamic input before it is used in the HTML rendering process.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 7, 2026, 12:07 PM